[SIEM][Detection Engine][Tech Debt] Technical must haves and nice to haves

[FrankHassanabad]

Simple list of tech debt items which have accumulated.

• Increase unit test coverage back end (@FrankHassanabad @dhurley14 @yctercero) [SIEM] [Detection Engine] Increase unit test coverage #58274
• Increase unit test coverage front end (@spong @XavierM)
• Remove internal tags that are populating the signals when they are copied over
• Add skeleton end to end tests back end if possible and easy (@FrankHassanabad @dhurley14)
• Add simple set of Cypress tests front end (Anyone)
• Add schema validation to each endpoint before returning from REST. This will only throw errors in development mode and not production mode. This ensures that endpoints don't accidentally get additional data "tacked on" (@FrankHassanabad @dhurley14)
• Fix bugs with validation and "tighten it down more" such as from, to accepting regular expressions (@FrankHassanabad @dhurley14)

Nice to haves

• Better handling of line errors and rule_id for the importer code (@FrankHassanabad @dhurley14)
• Add a "fields" query parameter to all the REST endpoints like saved objects has and GraphQL has so we can "trim down" requests when we need to (@FrankHassanabad @dhurley14)
• Use "internal user" to do aggregations and manipulations with saved objects directly (@dhurley14 @FrankHassanabad) Edit: Decided to not do this and rather lean on others to implement this feature (soon-ish)

[elasticmachine]

Pinging @elastic/siem (Team:SIEM)

[LeeDr]

Anything going into 7.6.2 from this?

[FrankHassanabad]

Hi @LeeDr, I am going to close this as we got most of our objectives completed. All changes are in 7.6.1 and don't think any in 7.6.2 from this ticket.